Summary: ERR_error_string will use a static buffer if none is provided. This is unsafe in threaded envs when we build a string out of it later. Switch this to use ERR_error_string_n
Reviewed By: yfeldblum, knekritz
Differential Revision:
D6664958
fbshipit-source-id:
2071347373ac61ebc28296fa66845cd718172b5e
auto err = ERR_get_error();
if (ERR_GET_LIB(err) != ERR_LIB_X509 ||
ERR_GET_REASON(err) != X509_R_CERT_ALREADY_IN_HASH_TABLE) {
auto err = ERR_get_error();
if (ERR_GET_LIB(err) != ERR_LIB_X509 ||
ERR_GET_REASON(err) != X509_R_CERT_ALREADY_IN_HASH_TABLE) {
+ std::array<char, 256> errBuff;
+ ERR_error_string_n(err, errBuff.data(), errBuff.size());
throw std::runtime_error(folly::to<std::string>(
"Could not insert CA certificate into store: ",
throw std::runtime_error(folly::to<std::string>(
"Could not insert CA certificate into store: ",
- std::string(ERR_error_string(err, nullptr))));
+ std::string(errBuff.data())));